package com.seraphine.framework.config;

import com.seraphine.framework.config.properties.SecurityProperty;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

import java.util.List;
import java.util.Map;

/**
 * 描述: 资源服务器
 * 作者: panhongtong
 * 创建时间: 2020-10-16 16:09
 **/
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private SecurityProperty securityProperty;

    /**
     * 这里配置好后会自动调用JwtAccessTokenConverter将jwt解析出来
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(securityProperty.getResourceId()).tokenStore(tokenStore);
    }

    /**
     * 配置资源的拦截规则
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/actuator/**").permitAll()
                .antMatchers("/anonymous/**").permitAll()
                .antMatchers("/doc.html/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/v2/**").permitAll();

        // 添加角色和权限关系
        addUrlAndRole(http);

        // 添加放行路径
        List<String> permitList = securityProperty.getPermitAll();
        if (permitList != null) {
            permitList.forEach(e -> {
                try {
                    http.authorizeRequests().antMatchers(e).permitAll();
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
            });
        }
        http.authorizeRequests().anyRequest().authenticated();
    }

    /**
     * 添加角色和权限关系
     */
    private void addUrlAndRole(HttpSecurity http) {
        Map<String,List<String>> map = securityProperty.getUrlAndRole();
        if (map != null) {
            map.forEach((url,roles) -> {
                String[] params = new String[roles.size()];
                for (int i = 0; i < roles.size(); i++) {
                    params[i] = roles.get(i);
                }
                try {
                    http.authorizeRequests().antMatchers(url).hasAnyRole(params);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            });
        }
    }
}
